Access control and user rights for internal web users are handled by Fælleskommunal Adgangsstyring: https://digitaliseringskataloget.dk/l%C3%B8sninger/adgangsstyring-brugere
It was agreed to use Context Handler 2, as it will be in production when OS2valghalla is production ready.
This means Context Handler 1 is not supported in OS2valghalla.
Context handler 2 roadmap
Security level
It was a non-functional requirement for OS2valghalla 3.0 to support NSIS.
Using an Excel tool made by Digitaliseringsstyrelsen and KOMBIT, the required security level has been set to ‘Betydelig’. This was done with help from Thomas Vangsaa from Vangsaa Consult.
Requirements for local IdPs in municipalities
In January 2024, during the implementation in three test municipalities, it became clear that not all municipalities have their local IdP set up for Context Handler 2 and NSIS yet. Some municipalities have also decided not to use their IdP for NSIS login but instead handle it using MitID Erhverv.
If the municipality can’t support Context Handler 2, they will not be able to log in.
Getting local IdP ready for NSIS
The process of getting the IdP NSIS ready is a bit complicated: https://digitaliseringskataloget.dk/digitaliseringsstyrelsen-har-accepteret-nsis-anmeldelse-af-context-handler-2 and https://docs.kombit.dk/id/ededbde2
Thankfully, KOMBIT will distribute a so-called ‘KLIK-opgave’ that describes what is needed. The task has a deadline in May '24 (in relation to the new VALG-system), so we can’t demand that the municipalities complete it. But we can point to it to make them set up both their local IdP and their Fælleskommunal Adgangsstyring configuration.
NSIS vs. NIST security level
Until municipalities are ready for NSIS, it is possible to configure each municipality’s OS2valghalla to use NIST security level instead. This is done at the supplier end of Fælleskommunal Adgangsstyring.
According to KOMBIT there is no available tool to set a NIST level. They suggest this “translation”:
At present there is nothing equivalent for determining a NIST level, but one normally makes a translation that goes as follows:
NSIS – NIST
Lav (Low) – 2
Betydelig (Substantial) – 3
Høj (High) – 4
We will set NIST security level to 3.
Municipalities with NSIS-enabled IdP
On this, KOMBIT writes:
It is of course up to the individual municipality whether they want their IdP to be NSIS approved.
In such cases, their employees will be sent over to NemLog-In 3 to log in with their MitID instead.
So you can easily build a system that requires NSIS; the municipalities can simply choose for themselves whether their own IdP should be NSIS approved or whether they will log in via MitID Erhverv.
For your system there will be no difference.
For the municipalities, it requires that they send the employee's NL3 UUID or CPR along, so that we can compare it with what we get back from MitID Erhverv.
When we can see that the information is the same, we assign roles as we usually do.
If the municipality does not have an IdP at all, they must place the users' roles etc. in our attribute service.